Discretionary Access Control (DAC)
Discretionary access control (DAC) is an access control model where each resource is protected by an access control list (ACL) managed by the resource’s owner(s).
- every resource has an owner
  - the owner is the user who creates the file or service
  - although ownership can be assigned to another user
- is discretionary
  - owner has full control over the resource
    - can modify its access control list (ACL) to grant rights to others
    - determines who has access and to what extent
- most flexible model
- uses
  - the default model used in file system security
  - found in most operating systems
  - common in home and small business environments
- Cons
  - weakest model
    - makes centralized security policies the most difficult to administer and enforce
    - easiest to compromise
    - vulnerable to insider threats and abuse of compromised accounts
- a security group account partially turns a discretionary system into a role-based one
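The owner-controlled grant and the centralized-administration problem noted above, shown together as an added example (not part of the original notes). It assumes a POSIX file system and uses permission mode bits as the simplest form of ACL; the file names and the `owner_grant`, `audit_tree` and `demo` helpers are hypothetical.

```python
import os
import stat
import tempfile


def owner_grant(path, extra_bits):
    """The owner's discretionary act: widen access with no administrator involved."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, mode | extra_bits)


def audit_tree(root, forbidden=stat.S_IROTH | stat.S_IWOTH):
    """After-the-fact central review: report regular files exposed to 'other'.

    Under DAC nothing blocks the grant up front, so policy can only be
    checked by walking the tree and inspecting what owners have set.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            if stat.S_IMODE(st.st_mode) & forbidden:
                findings.append(
                    (os.path.relpath(path, root), st.st_uid, stat.filemode(st.st_mode))
                )
    return sorted(findings)


def demo():
    """Constructed sample: two private files, one of which the owner opens up."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("payroll.csv", "notes.txt"):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample data\n")
            os.chmod(path, 0o600)  # owner-only to start with
        # The owner (or anyone controlling the owner's account) grants world read.
        owner_grant(os.path.join(root, "payroll.csv"), stat.S_IROTH)
        return audit_tree(root)


if __name__ == "__main__":
    for rel, uid, mode in demo():
        print(f"{mode} uid={uid} {rel}")
```

The audit only detects the exposure once it exists, which is why DAC is the hardest model to administer centrally.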